How severe is CVE-2021-40647?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-40647?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2021-40647 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.

Related Vulnerabilities

CVE-2012-4900

MEDIUM

CVSS:5.5(Medium)

Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference

CWE-7872012

CVE-2015-5158

MEDIUM

CVSS:5.5(Medium)

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance cr...

CWE-7872015

CVE-2016-10246

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted f...

CWE-7872016

CVE-2016-10247

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a cra...

CWE-7872016

CVE-2016-4289

MEDIUM

CVSS:5.5(Medium)

A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflo...

CWE-7872016

CVE-2016-5310

MEDIUM

CVSS:5.5(Medium)

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec E...

CWE-7872016